diff -r d2ee97ff6d3e -r b999bd4dd461 src/pyams_security/interfaces/__init__.py
--- a/src/pyams_security/interfaces/__init__.py Wed Jun 17 09:59:26 2015 +0200
+++ b/src/pyams_security/interfaces/__init__.py Tue Jun 30 15:02:07 2015 +0200
@@ -714,14 +714,26 @@
 required=True,
 default=True)
 
- everyone_permissions = PermissionsSetField(title=_("Public permissions"),
- description=_("These permissions will be granted to all users"),
+ everyone_denied = PermissionsSetField(title=_("Public denied permissions"),
+ description=_("These permissions will be denied to all users. "
+ "Denied permissions take precedence over granted "
+ "ones."),
+ required=False)
+
+ everyone_granted = PermissionsSetField(title=_("Public granted permissions"),
+ description=_("These permissions will be granted to all users"),
+ required=False)
+
+ authenticated_denied = PermissionsSetField(title=_("Authenticated denied permissions"),
+ description=_("These permissions will be denied to "
+ "authenticated users. Denied permissions "
+ "take precedence over granted ones."),
 required=False)
 
- authenticated_permissions = PermissionsSetField(title=_("Authenticated permissions"),
- description=_("These permissions will be granted to authenticated "
- "users"),
- required=False)
+ authenticated_granted = PermissionsSetField(title=_("Authenticated granted permissions"),
+ description=_("These permissions will be granted to authenticated "
+ "users"),
+ required=False)
 
 inherit_parent_roles = Bool(title=_("Inherit parent roles?"),
 description=_("Get roles granted on parent levels"),
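Review bot: The precedence rule for the new `everyone_denied` and `authenticated_denied` fields exists only as translated UI text in their `description`, and it does not say what a denial overrides: only the matching `*_granted` set, or also permissions a principal obtains through roles and through `inherit_parent_roles`. A deny-overrides rule is a security contract, so I would add a comment above `everyone_denied` stating the resolution order, for example `# Resolution order: *_denied is checked first and removes the permission even when a role or *_granted provides it` (adjust to what the implementation really does, which is not visible in this hunk). Separately, `everyone_permissions` and `authenticated_permissions` are renamed with no alias visible here; if objects were already stored under the old attribute names, their configured grants would no longer be read, so a migration step or a changelog note seems needed. The enclosing interface begins and ends outside the hunk.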
@@ -749,6 +761,21 @@
 def get_permissions(self, principal_id):
 """Get ID of permissions granted to given principal"""
 
+ def get_everyone_denied(self):
+ """Get denied permissions for everyone, including inherited ones"""
+
+ def get_everyone_granted(self):
+ """Get granted permissions for everyone, including inherited ones"""
+
+ def get_authenticated_denied(self):
+ """Get denied permissions for authenticated, including inherited ones"""
+
+ def get_authenticated_granted(self):
+ """Get granted permissions for authenticated, including inherited ones"""
+
+ def get_granted_roles(self):
+ """Get all roles, including inherited ones"""
+
 
 class IRoleProtectedObject(IProtectedObject):
 """Roles protected object interface"""
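Review bot: The context docstring of `get_permissions` still promises the "permissions granted to given principal", but with the denied getters added directly below it the interface no longer says whether that result is already net of denials; a caller that treats it as the effective set while an implementation returns raw grants would skip the deny check. I would pin this down in the docstring, e.g. `"""Get IDs of permissions granted to given principal, after removing denied ones"""`, if that is the intended behaviour. The four new `get_*_denied` / `get_*_granted` docstrings should also state the return type and whether "inherited" stops at a parent whose `inherit_parent_roles` is false, which matters most for the denied sets. `get_granted_roles` is documented as "Get all roles", which does not match its name. The enclosing interface starts above the hunk.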